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FIELD OF THE INVENTION 

The invention relates to a method, and a corresponding terminal, of detecting a 
presence of a circuit extending/tampering arrangement 

5 . BACKGROUND OF THE INVENTION 

Smart cards are commonly used in a wide range of applications for the 
purpose of authority check, payment, satellite TV, data storage, etc. As an example the health 
insurance and banking industries use smart cards extensively. A smart card usually resembles 
a credit card in size and shape, but typically contains an embedded microprocessor inside. A 

1 0 terminal with a card reader communicates with the microprocessor which controls access to 
the data on the card. Smart cards may e.g. be used with a smart card reader attached to or 
located in a personal computer to authenticate a user, etc. Smart card readers can also be 
found in mobile phones for SIM reading and vending machines. 

For a private and/or in-home terminal with a smart card reading capability, 

15 such as a set top box (STB), integrated digital television (IDTV), Digital TVs, home 

gateways, access systems, GSMs, Intemet audio sets, car systems, etc. the possibilities to spy 
on the electronic communication between a smart card and/or a secure access card and the 
terminal is much greater than in a public automated teller machine (ATM) or similar semi- 
pubUc/public terminals e.g. used for/in connection with e-commerce. This enables attack on 

20 the smart card that is not possible with conventional smart card applications in public and/or 
semi-public terminals, due to the operation in a private sphere. 

A financial.and service industry consortium Finread in Europe is attempting to 
standardize a form of e-commerce terminals used m pubUc ATM and personal computers 
(PCs), and also for future STBs, IDTV and similar home terminals. Up untU now, the 

25 consortium has focused on expensive tamper detection and tamper resistant constructions for 
home e-commerce terminals. Embedded Finread is a part of the Finread consortium 
examining the issues of low-cost terminals for e-commerce such as IDTV, Jave terminals and 
STBs. The cost of temper resistant and other counter measures normally adopted for 
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dedicated tenninals (i.e. ATMs) are considered to complex and/or expensive for the low cost 
hometenninals. 

A variety of smart cards/secure access cards exist, some with no sophisticated 
processing power, typically memory only caids. Other cards, typically so-called multi- 
5 appUcation/multi-function cards, comprise more advanced properties and functions typically 
providing secure authentication of the user/owner of the card e.g. in relation to gaining access 
to equipment, accounts, functions, transfer of money, e-commerce applications, etc. 

Such cards have on-card dynamic data processmg capabilities and allocate 
card memory into independent sections assigned to a specific function and/or plication. 
10 The multi-^lication/multi-function smart card is distributed by one issuer 

but aUows two or more applications/functions to be resident on the smart card. Typically, 
advanced 32-bit processor cards are used for tihis puipose. 

A Java smart card is a smart card with a Java Virtual Machine (JVM) that 
allows appUcations to enter and reside on the card. In this way, a Java smart card is a first 
15 • step towards multi-appUcation smart cards. 

As mentioned traditional smart cards only run one process, while a Java smart 
card have the capabiUty to run multiple processes on the card, which is an enhancement of 
the smart card protection capabiUty that allows the smart card not only to perform secured 
transaction, but also to monitor itself and the presence of an attack. 
20 ^ device typicaUy designated a sub-terminal is a device which includes some 

features of a terminal, i.e. user input, display, storage and a remote connection to the Ihtemet, 
or a broadcast channel, but not all. Thus a terminal is complete, and exaiiq)les are e.g. BDTV, 
STB or GSM (or similar cellular systems like 3G, UMTS, GPRS, eto.). but a sub-terminal is 
incomplete. In this way, a sub-terminal is a low-cost version of a terminal that provides some 
25 but not all the functionality of a terminal. One example of a sub-terminal is e.g, a TV remote 
control. The sub-terminal may e.g. also be the conditional access module (typically denoted 
POD (point of dq)loyment) in the US) of the conditional access system implemented in a 
STB and/or a TV. The conditional access module is a DVB based term derived from the 
Common Interface concept for DVB tenninals. 

Most system can be attacked successfully by a sufBciently resourced attacking 
entity. It is however necessary to provide sufficient defense (protection and/or detection) 
against a reasonably resourced security attack or at least provide counter measures that are 
sufficient to make a single form of attack no more successfully than others. It is also 
desirable to enable this in an inexpensive way. 
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A feke terminal can be used to gain access to an unwary user's pin-code or 
other ^Ucation infonnation of the card, which is hard to defend against, and would require 
other protection/detection schanes than provided by the present invention. 

However, a typical security attack on genuine tenninals/sub-terminals is the 
insertion of circuit extending equipment like an extender, sampling circuit(s), emulation 
circuit(s), etc. in the electrical signal path(s) between a terminal a^d a smart card, where the 
circuit extending equipment is coupled both to the smart card to be observed and to any 
electrical equipment which is used to spy on the communication between the card and the 
termiiial. 



OBJECT AND SUMMARY OF THE INVENTION 

It is an object of &e invention to provide a method (and corresponding 
terminal) of detecting apresence of a circuit extending/tampering arrangement, where the 
method (and system) provides detection and/or protection against inserted fraud equipment. 
A further object is to provide this in an inexpensive way Yet a further object is to enable this 
using a minimum of electrical measurements. 

This is achieved by a method of detecting a presence of a circuit extending 
arrangement inserted between a physical interface, connected to a terminal, and a smart card, 
the physical interface being adapted to receive the smart card), the method comprising the 
steps of: 

• measuring at least one electrical characteristic of the physical interface, and 

• determining whether a circuit extending arrangement, changing at least one 
characteristic of said physical interface, is coupled to said physical interfece on the 
basis said measurement. 

In this way, detection of a circuit extending arrangement is provided. 
In one embodiment, the step of measuring comprises: 

• measuring a first current provided from said terminal to said smart card via said 
physical interface, 

• measuring a second current returned from said smart card to said tenninal, 
and in fliat said method further comprises the step of 

• comparing whether said first and said second current is substantially equal, and if 
not determining that a circuit extending arrangement is present. 

Hereby, a very simple and reliant way of detecting a circuit extending 
arrangement is obtained. 
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In one embodiment, Ihe method further comprises a step of: 

• «»°iParing said measured at least one electrical characteristic with at least one 
electrical characteristic as caUbrated during manufecture. 

In one embodiment, the physical interfece has been calibrated to create at least 
one viable, but non-stable, electrical property at the physical level, the at least one property 
allowmg nomial tiansaction with said smart card, but causing the interfece to fail if an circuit 
extending arrangement is coupled to said physical interface. 

Hereby, the failure of the interfece would tiius resist the attack of tampering 

directly. 

hi one embodiment, the at least one non-stable electrical property relates to 
current and/or voltage characteristics of said physical mterface. 

In one embodiment, the method further comprises the step of; 

• i^gttlating the use ofthe smart card on the basis ofsaid step of comparing. 

In this way. the temiinal could e.g. either warn the user and/or the card issuing 
authonty (e.g. usmg the communications/IP link). The transaction, the access, etc. relating to 
the card would then be temimated and/or carefully monitored by the execution/issumg 
authority. 

The present invention also relates to a terminal corresponding to the method 
according to the present invention. 

More specifically, the invention relates to a temiinal for detectmg a presence 
of a circuit extending arrangement mserted between a physical mterfece. comiected to said 
termmal, and a smart card, the physical interfece being adapted to receive said smart card, the 
termmal comprising a monitoring circuit comprising 

. means for measuring at least one electrical characteristic of the physical interface, and 

• for determming whether a circmt extending arrangement, changing at 1^^^ 

characteristic of said physical interface, is coupled to said physical interfece on the 
basis an output of means for measuring. 

In one embodhnent. the means for measuring comprises: 

. ^fi«t°^^"re circuit measuring a first current provided fiom said termmal to said 
smart card via said physical interface, 

. a second measure circuit aieasuring a second current returned from said smart card to 
said terminal, 
and the terminal further comprises 
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• a <»mparatorcoimected to said to and second measure dicuit and ^ 
compare whether said first and said second current is substantiaUy equal, and if 
not generating a signal representing that a circuit extending arrangement is 
present 

In an alternative embodiment, the terminal further comprises a comparator for 
conq,aiing said measured at least one electrical characteristic with at least one electrical 
characteristics as calibrated during manufacture. 

In one embodiment, the physical interface has been caUbrated to create at least 
one viable, but non-stable, electrical property at the physical level, the at least one property 
allowing nomial transaction with said smart caiti. but causing the interface to feil if an circuit 
extending arrangement is coiq>led to said physical interfece. 

In one embodiment, the at least one non-stable electrical property relates to 
current and/or voltage characteristics of said physical interface. 

In one embodiment, the teraMnal further comprises: 

• means for regulating the use of the smart card on the basis of said signal fiom said 
conq)arator. 

Further, the invention also relates to a computer readable medium having 
stored thereon instractions for causing one or more processing units to execute the method 
according to the present invention. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 schematically illustrates a smart card; 

Figure 2 illustrates a smart card and a prior art teiminal; 

Figure 3 iUustrates an example of an un-tampered circuit according to the 
present invention; 

Figure 4 illustrates an example of a tampered circuit according to the present 

invention. 

DESCRIPTION OF PREFERRED EMBODIMENTS 

Figure 1 schematically illustrates a typical smart card. Shown is a security 
card/a smart card (100) that is well known m the prior art. Typically the card (100) has the 
form of standard size credit card, although the form, layout, size. etc. may vary. The card 
(100) typicaUy comprises embedded memory, a processor/controller and input/output (I/O) 
used for communication with an ^piopriate card reader/(sub-)teiminal (not shown) via a 
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number of contacts (100'). The shown contacts (100') (the size of which is 
exaggerated/enlarged for illustrative purposes) complies with the standard of ISO 7816 part 2 
and comprises power supply (10), ground (1 1), three optional contacts/pins (12, 14, 15) that 
may be used for different fimctionaUty dependent on the specific card, a bi-directional 
5 input/output pin (13), check (16) and reset (17). All of these signals are provided by a 

terminal, receiving the card, to the smart caid (100), and the terminal is expected to monitor 
the bi-directional mput/output (13) according to the standard protocols in order to observe the 
response of the smart card (100). 

Such a card (100) may be used to store information like PIN-codes, 

10 identification information, personal information, security infomiation, etc. 

Figure 2 illustrates a smart card and a typical prior art terminal. Shown are flie 
smart card (100) and the terminal (101) that conmiunicates via a physical smart card interfece 
(1 15). The terminal (101) comprises a main processor (105) and a generalized standard smart 
card interfece (106) preferably integrated into or embedded in an integrated circuit (IC) (1 10) 

15 in the terminal (101). Optionally the terminal (101) also comprises a communications/IP Unk 
e.g. usefijl for various e-commerce applications and/or other fionctions. 

When inserted in a private and/or home terminal/sub-terminal (101) (both 
forth denoted terminal), a smart card (100) would be supplied with power fix)m a power 
supply fi-om a central source, and the ground would be the central ground of the terminal's 

20 (101) electrical systems, since a smart card (100) does not have a power supply. Control 
signals of the physical smart card interface (1 15) in the terminal (101) would typically be 
provided by a serial smart card interface (106) progranmied by tiie central processor(8) (105) 
of the terminal (101) to execute the standard protocols to address die smart card's physical 
interface (1 15). This is a very cheap and flexible arrangement, which allows developers of 

25 terminal/STB software to use standard electronic interfaces and processes to access the cards. 
However, tiie usage of a standard serial interfiw^s (106) makes the terminal (101) open to 
forms of tampering by spying on the communication, as described above. 

Figure 3 illustrates an example of an un-tampered circuit according to the 
present invention. Shown are a smart card/secure access card (100) and a terminal (101) 

30 modified according to the present invention. The smart card (100) and tiie physical interiface 
(115) correspond to the ones shown and explained in connection wifli Figure 2. 

The terminal (101) corresponds to flie one shown and explained in connection 
Figure 2 witii tiie exceptions fhat it comprises a specialized smart card interfece/controUer 
(113) instead of tiie generalized interface (106 in Figure 2) and tiiat it fiuther comprises a 
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monitoring/detection circuit (1 14), preferably integrated in/embedded into an IC (110), 
constituting the fiinctionaHty of the terminal (101), and connected to the main processor 
(105) and the physical smart card inter&ce (115). 

Interface pins or other connections of the IC (1 10) is then directly coupled to 
the mechanical interface (1 15) that couples to the smart card (100). In this way, the IC (1 10) 
may be equipped with additional functionaUty aUowing for electrical measurements of the 
physical/mechanical interface (1 15) to be made in order to detect tampering with the 
interface (115) which could aUow for spying on the communication via the interface (1 15). 

In the shown embodiment, the terminal (101) comprises a monitoring process 
done by the monitoring/detection circuit (1 14) that monitors and compares certain electrical 
characteristics of the physical interfece (115), as explained in greater detail in the foUowing. 

As mentioned, a smart card (100) is an electrical circuit without internal power 
source(s) where a terminal (101) suppUes the energy, i.e. the currents in the smart card (100). 
This means that the sum of all DC and AC currents suppUed to the card (Isc) must be 
returned to the source, i.e. the smart card interface/controller (1 13) in the IC (1 10) in the 
terminal (101). If there is a leakage of current (either DC and'or AC) from the source that is 
not returned back to the source then either interference and/or tampering must be present 
Such tampering may e.g. be a monitoring/spy circuit, an extender, etc. with powered 
sensors/amplifiers. The monitoring/detection circuit (1 14) according to the present invention 
is able to sense either the AC or DC loss of current to return paths, i.e. sources, other than the 
terminal itself 

In die embodiment shown in Figure 2, the monitoring/detection circuit (1 14) 
more specifically conq)rises a first current monitor (102a) coupled to a VDD connection (e.g. 
the power pin (10) in Figure 1) and measuring/monitoring the currant (denoted foo) and a 
second current monitor (102b) coupled to a VSS connection (e.g. the ground pin (1 1) in 
Figure 1) and measuring/monitoring the current (denoted Iss). The first and second current 
monitors (102a, 102b) are both connected to a comparator circuit (103) that compares foo and 
Iss in order to determine if they are (substantially) equal or different (at all or by a factor 
greater than a predetermined factor), i.e. if Iss (substantially) = Idd or not. If they are equal, it 
signifies that that the current introduced to the smart card (100) from the terminal (100) is 
also returned again signifying that no tampering circuit has been inserted. If the currents are 
different (e.g. by more than a margin taking into account normal interference), it signifies 
that a spy cuxuit, tampering circuit, extending arrangement, etc. has been inserted. 
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The coiiq)arator (103) is connected to a controller (104) that on the basis of the 
signal received from the comparator (103) generates a control signal that is suppUed to the 
main processor(s) (105). In this way, the main processor(s) (1 05) may initiate appropriate 
action(s) if a tampering circxiit is detected. In the shown example, no tampering circuit is 
5 inserted and therefore the current introduced (Iss) into the card is (substantiaUy) equal to the 
current (Idd) returned back to the terminal (100). 

The detection circuit (1 10) may e.g. be a standard current mirror circuit 
comparing Iss and Iqd using a window function determined by the controller (104) and 
executed by the comparator (103). 

1® ^J^^erably.tiiec^abmty to re-caUbrate the interface between the card (100) 

and the terminal (101) is not available in the terminal (101). At least not without, the use of 
special equipment only available at the manufecturing site. 

An alternative embodiment comprises calibration of the interface used to 
create viable, but non-stable electrical properties at the physical level, e.g. time/timing, 

15 voltage and/or current, of the interface to the smart card (100). These properties should be 
viable enough to allow normal transaction with the card, but so dedicated to the electrical 
conditions that an insertion of circuit extending arrangement (111.1 12), e.g. an extender, 
monitoring device, etc., would cause the interface to fail. The feilure of the interfece would 
tiius resist the attack of tampering directly. 

2® Oil® implementation of this is to use an impedance-based method fliat uses 

current and/or voltage characteristics of the interface to create electrical conditions that are 
fragile. This is e.g. possible by creating driver circuits in the terminal (101) that are 
programmable to the electrical impedance of the signal path. Specifically these could use the 
signal path reflection characteristics. One condition for this may e.g. be that the signal 

25 transition time of the driver and a significant proportion of the flight time from source to 

receiver. In this case, the signal path has the properties of a transmission line thereby making 
an impedance-based method very practical. 

Yet a further embodiment comprises a monitoring process that compares 
known electrical characteristics of the interface (as caHbrated during manufacture) and the 

30 present conditions. The monitoring process would regulate the use of the smart card. If the 
present condition(s) of the actual card mserted into the terminal deviated from the calibrated 
conditions (e.g. at aU and/or within a predetermined margin) then the terminal could e.g. 
either warn the user and/or the card issuing authority (e.g. using the communications/IP Imk). 
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The transaction, the access, etc. relating to the card would then be terminated and/br carefully 
monitored by the execution/issuing authority. 

Figure 4 illustrates an exanq)le of a tampered cirouit according to the present 
invention. Shown is the arrangement shown in Figure 3 but with an extender (1 1 1) inserted 
and coupled to a spy/monitoring circuit (1 12). As the inserted extender (1 1 1) and/or spy 
circuit (1 12) introduces a 'leakage' of current, then fes wiU be different from Idd, i.e. all the 
current si^plied by the terminal is not received back, which will be detected by the 
comparator (103) and signaled by the controller (104) to the main processor (105). In this 
way, attempts at spying, tan^ering, etc. is readily detected by simple means. 



